Junaid Arshad

A novel intrusion severity analysis approach for Clouds

Cloud computing presents exciting opportunities to foster research for scientific communities; virtual machine technology has a profound role in this. Among other benefits, virtual machine technology enables Clouds to offer large scale and flexible computing infrastructures that are available on demand to address the diverse requirements of scientific research. However, Clouds introduce novel security challenges which need to be addressed to facilitate widespread adoption. This paper is focused on one such challenge-intrusion severity analysis. In particular, we highlight the significance of intrusion severity analysis for the overall security of Clouds. Additionally, we present a novel method to address this challenge in accordance with the specific requirements of Clouds for intrusion severity analysis. We also present rigorous evaluation to assess the effectiveness and feasibility of the proposed method to address this challenge for Clouds. HighlightsSignificance of intrusion severity analysis for Clouds has been highlighted. ? Parameters for intrusion severity analysis along with their significance have been highlighted. ? A machine learning based approach is presented to address intrusion severity analysis. ? Rigorous evaluation demonstrated success rates of above 90% for the proposed method.

Quantification of Security for Compute Intensive Workloads in Clouds

Cloud Computing is a promising technology to facilitate development of large-scale, on-demand, flexible computing infrastructures. However, improving dependability of Cloud Computing is critical for realization of its potential. In this paper, we describe our efforts to quantify security for Clouds to facilitate provision of assurance for quality of service, one of the factors contributing to dependability. This has profound implications for delivering customized security solutions such as effective intrusion prevention and detection which is the overall objective of our research. In order to demonstrate the applicability of our research, we have incorporated these requirements in the resource acquisition phase for Clouds. We also present experiments to demonstrate the effectiveness of our approach to address the Random Migration Problem for virtualized computing environments.

Performance Evaluation of Secure on-Demand Routing Protocols for Mobile Ad-hoc Networks

With the passage of time and increase in the need for mobility wireless or mobile networks emerged to replace the wired networks. This new generation of networks is different from the earlier one in many aspects like network infrastructure, resources and routing protocols, routing devices etc. These networks are bandwidth and resource constrained with no network infrastructure and dedicated routing devices. Moreover, every node in such networks has to take care of its routing module itself. These characteristics become reasons for the importance of security in mobile ad-hoc networks as there is very high probability of attacks in such networks. Some work has been done to compare different protocols on basis of security but keeping in view the resource limitations in such networks, evaluation based on networking context is also important. We evaluate the overall performance overhead associated with secure routing protocols for mobile ad-hoc networks (MANETs). We implement the secure ad-hoc on-demand distance vector routing protocol (SAODV) extensions with AODV in the network simulator 2 (NS-2) and use the Monarch project implementation of Ariadne for our evaluation purpose. We try to figure out the amount of extra work a mobile node has to do in order to operate securely

Moses: A grid-enabled spatial decision support system

The authors present an architecture for simulation modeling using the resources of grid computing. The use of the grid provides access to the substantial data storage and processing power, which are necessary to translate such models from computational tools into genuine planning aids. As well as providing access to virtualized compute resources, the architecture allows customized applications to meet the needs of an array of potential user organizations. A number of key obstacles in the deployment and integration of e-Science services are identified. These include the high computational costs of simulation modeling at the microscale for typical ‘‘what if’’ scenario questions in research and policy settings; the management and technical issues relating to security in licensing common data sources; sociocultural, legal, and administrative restrictions on the privacy of individual-level response data; and the slow development and lack of uptake of agreed standards such as JSR-168 compliant portlets in the construction of useable applications.

Cloud Computing Security: Opportunities and Pitfalls

The evolution of modern computing systems has lead to the emergence of Cloud computing. Cloud computing facilitates on-demand establishment of dynamic, large scale, flexible, and highly scalable computing infrastructures. However, as with any other emerging technology, security underpins widespread adoption of Cloud computing. This paper presents the state-of-the-art about Cloud computing along with its different deployment models. The authors also describe various security challenges that can affect an organizations decision to adopt Cloud computing. Finally, the authors list recommendations to mitigate with these challenges. Such review of state-of-the-art about Cloud computing security can serve as a useful barometer for an organization to make an informed decision about Cloud computing adoption.

Authentication and authorization infrastructure for Grids--issues, technologies, trends and experiences

Authentication and authorization for Grids is a challenging security issue. In this paper, key issues for the establishment of Grid authentication and authorization infrastructures are discussed, and an overview of major Grid authentication and authorization technologies is presented. Related to this, recent developments in Grid authentication and authorization infrastructures suggest adoption of the Shibboleth technology which offers advantages in terms of usability, confidentiality, scalability and manageability. When combined with advanced authorization technologies, Shibboleth-based authentication and authorization infrastructures provide role-based, fine-grained authorization. We share our experience in constructing a Shibboleth-based authentication and authorization infrastructure and believe that such infrastructure provides a promising solution for the security of many application domains.

An Abstract Model for Integrated Intrusion Detection and Severity Analysis for Clouds

Cloud computing is an emerging computing paradigm which introduces novel opportunities to establish large scale, flexible computing infrastructures. However, security underpins extensive adoption of Cloud computing. This paper presents efforts to address one of the significant issues with respect to security of Clouds i.e. intrusion detection and severity analysis. An abstract model for integrated intrusion detection and severity analysis for Clouds is proposed to facilitate minimal intrusion response time while preserving the overall security of the Cloud infrastructures. In order to assess the effectiveness of the proposed model, detailed architectural evaluation using Architectural Trade-off Analysis Model ATAM is used. A set of recommendations which can be used as a set of best practice guidelines while implementing the proposed architecture is discussed.

A Formal Approach to Support Interoperability in Scientific Meta-workflows

Scientific workflows orchestrate the execution of complex experiments frequently using distributed computing platforms. Meta-workflows represent an emerging type of such workflows which aim to reuse existing workflows from potentially different workflow systems to achieve more complex and experimentation minimizing workflow design and testing efforts. Workflow interoperability plays a profound role in achieving this objective. This paper is focused at fostering interoperability across meta-workflows that combine workflows of different workflow systems from diverse scientific domains. This is achieved by formalizing definitions of meta-workflow and its different types to standardize their data structures used to describe workflows to be published and shared via public repositories. The paper also includes thorough formalization of two workflow interoperability approaches based on this formal description: the coarse-grained and fine-grained workflow interoperability approach. The paper presents a case study from Astrophysics which successfully demonstrates the use of the concepts of meta-workflows and workflow interoperability within a scientific simulation platform.

Multi-level meta-workflows: new concept for regularly occurring tasks in quantum chemistry

AbstractBackground In Quantum Chemistry, many tasks are reoccurring frequently, e.g. geometry optimizations, benchmarking series etc. Here, workflows can help to reduce the time of manual job definition and output extraction. These workflows are executed on computing infrastructures and may require large computing and data resources. Scientific workflows hide these infrastructures and the resources needed to run them. It requires significant efforts and specific expertise to design, implement and test these workflows.SignificanceMany of these workflows are complex and monolithic entities that can be used for particular scientific experiments. Hence, their modification is not straightforward and it makes almost impossible to share them. To address these issues we propose developing atomic workflows and embedding them in meta-workflows. Atomic workflows deliver a well-defined research domain specific function. Publishing workflows in repositories enables workflow sharing inside and/or among scientific communities. We formally specify atomic and meta-workflows in order to define data structures to be used in repositories for uploading and sharing them. Additionally, we present a formal description focused at orchestration of atomic workflows into meta-workflows.ConclusionsWe investigated the operations that represent basic functionalities in Quantum Chemistry, developed the relevant atomic workflows and combined them into meta-workflows. Having these workflows we defined the structure of the Quantum Chemistry workflow library and uploaded these workflows in the SHIWA Workflow Repository.Graphical AbstractMeta-workflows and embedded workflows in the template representation

A Guanxi Shibboleth based Security Infrastructure

An e-Social Science infrastructure generally has security requirements to protect their restricted resources or services. As a widely accepted authentication and authorization technology, Shibboleth supports the sharing of resources on inter-institutional federation. Guanxi is an open source implementation of the Shibboleth protocol and architecture. In this paper, we propose a security infrastructure for e-social science based on the Guanxi Shibboleth. This security infrastructure presents two main features. Firstly, Guanxi Shibboleth is integrated into the user-friendly Sakai collaborative and learning environment which provides an ideal place for users to access a variety of federation resources in line with the Shibboleth authentication model. Secondly, PERMIS technology is used to enhance the authorization mechanisms thus enabling a policy-driven, role-based, fine-grained access control. As a result, the security infrastructure presents the advantages of Guanxi Shibboleth, PERMIS and Sakai, and it has been applied to e-Social Science application. We believe this security infrastructure provides a promising authentication and authorization solution for e-social science applications as well as applications in other domains.